Self-Hosted Workforce Automation Platform — Enterprise Grade
The operating system for how your company works with AI.
Your hub. Your data. Your AI workforce. From the palm of your hand.
New install? Start here: QUICKSTART.md.
Preferred setup — hub (Docker): clone this repo, cd nest_hub, run ./setup.sh. It generates secrets, pulls images, starts the stack, and waits for health.
CLI (employee machines): the published interface is npm install -g @contextzero/nest — that package is the CLI and installs the annie command. Use Node.js LTS (20+), then annie auth login. pnpm and bun work too if your policy allows global installs via those clients.
Yes, you still have 15+ apps—and that fragmentation was already painful in 2018. Today it compounds with shadow corporate AI: people already use ChatGPT, Claude, Cursor, Copilot, image tools, and loose API keys—you often don’t know where, which model, or what it costs. Prompts start from zero in every tab; when someone leaves, the judgment they refined with AI walks out the door. You have dashboards for revenue and servers, but not for how work actually happens with AI.
NEST is the self-hosted layer your company runs: projects, roles, memory, and governance so agents and chat run under your URLs, your tokens, and your audit log—not as invisible shadow IT.
NEST is also a complete workforce automation platform: coding, chat, and computer use in one hub—phone, tablet, and desktop.
You deploy: one Docker command on your server. Your team gets: a real-time AI workforce hub accessible from any device — phone, tablet, desktop.
Work is grouped in projects your administrators create. That gives you per-project tracking (who did what, in which session), a memory bank that accumulates context per user and team (the “soul” of how each person works with AI), and approvals before high-risk actions—instead of one-off browser tabs.
| Surface | What employees get today | Notes |
|---|---|---|
| Development | Claude Code, Cursor, Codex, OpenCode, and KiloCode through the `annie` CLI (`npm install -g @contextzero/nest`), with MCP for Cursor and Visual Studio Code | Full CLI + MCP reference |
| Chat | One hub chat on web, desktop, and mobile PWA backed by OpenRouter, Fal.ai, Google Vertex AI, and DeepInfra — 700+ models across text, image, audio, and video | Provider keys stay on the server; employees authenticate to your hub |
| Computer | `annie computer` — hub-synced “computer use” from CLI and PWA (shell, browser where enabled, files, runbooks). From June 1, 2026, OpenClaw, ZeroClaw, and Hermes ship as wrappers inside Computer (same pattern as Claude, Cursor, …)—not standalone `annie` subcommands (detail) | Same approve → execute posture as development sessions |
| Date | Milestone |
|---|---|
| May 1, 2026 | Project management in projects — backlogs, workflow states, and visibility across tasks |
| May 15, 2026 | CRM — contacts and lifecycle (e.g. pre-sales → sales → post-sales) shared across projects |
| June 1, 2026 | annie computer wrappers — OpenClaw, ZeroClaw, and Hermes integrated inside Computer (same attach pattern as other hub-backed agents) |
Role-aware routing (employee reviews → approves → execution on Computer, Claude, Cursor, etc.) ties these modules together—see ROADMAP.md for scope and ship notes.
Video in this repository: public/nest_hub_v0.2.73.mp4
| Pillar | What It Means |
|---|---|
| Hub for Enterprise | One app replaces Slack + Notion + Trello + WhatsApp. Projects → Employees → Sessions. Single source of truth. |
| Mobile for the Employee | PWA works on any phone. Approve deployments from the bus. No laptop required. |
| Memory Bank (Souls) | The hub learns each employee. No more re-explaining context every session. Intelligence accumulates. |
| Agent Swarm | Multiple specialized AI agents working in parallel — not one generalist doing everything sequentially. |
```bash
git clone https://github.com/contextzero/nest_hub.git
cd nest_hub
./setup.sh
```

That's it. `setup.sh` auto-generates all secrets, pulls Docker images, starts the stack, and waits for health.

```
=== NEST ready ===
Web: http://localhost
```
Open on your phone. Install the PWA. Your hub is live.
Detailed guide: QUICKSTART.md
- Phone-first hub — PWA on any device; approve work without a laptop.
- Production deploy (HTTPS) — public URL, reverse proxy, and operational hardening.
- CLI (`@contextzero/nest`) + MCP — enterprise — development agents (Claude Code, Cursor, Codex, OpenCode, KiloCode); MCP for Cursor and Visual Studio Code; phased rollout and token hygiene.
- Hub Chat — OpenRouter, Fal.ai, Vertex, DeepInfra; 700+ models (text, image, audio, video) on web, desktop, and mobile—keys on the server, not employee laptops.
- Computer automation wrappers — OpenClaw, ZeroClaw, and Hermes ship inside `annie computer` on June 1, 2026 (same pattern as Claude, Cursor, …)—not `annie openclaw` / `annie zeroclaw` / `annie hermes`.
- Roadmap: Project management — May 1, 2026 · CRM — May 15, 2026 · Computer wrappers (OpenClaw, ZeroClaw, Hermes) — June 1, 2026 — ROADMAP.md.
- Darwin agents — evolving specialist agents (enterprise).
- CLI on npm: `@contextzero/nest` — install with `npm install -g @contextzero/nest`; the binary is `annie`.
| Goal | Start here |
|---|---|
| First-time hub in Docker | QUICKSTART.md → docs/INSTALL.md |
| Public URL + TLS | docs/DEVOPS.md |
| Employee laptops (Cursor, Claude Code, Codex, …) | Enterprise rollout — npm install -g @contextzero/nest → docs/enterprise/annie-cli-mcp-enterprise.md |
| LLM keys, billing, CLI config | docs/CLI-BUSINESS.md |
| Node / Docker / Rust toolchain | docs/INSTALL-FRAMEWORKS.md |
| Enterprise positioning & sales context | docs/enterprise/README.md |
| What shipped vs planned | RELEASES.md · ROADMAP.md |
NEST connects real agents to real infrastructure. Treat CLI tokens, hub URLs, and inbound webhooks as sensitive. Rotate CLI_API_TOKEN on compromise; prefer HTTPS everywhere; scope permission modes per employee and project. Read docs/DEVOPS.md before exposing the stack to the internet. The Important notice at the end of this file describes responsibility boundaries for self-hosted deployments.
┌─────────────────────────────────────────────────────────────────────────┐
│ NEST PLATFORM │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────┐ ┌──────────────────┐ ┌──────────────────────┐ │
│ │ CODING AGENTS │ │ AUTOMATION │ │ INTELLIGENCE │ │
│ │ Claude Code │ │ ZeroClaw* │ │ Souls (Memory) │ │
│ │ Cursor │ │ OpenClaw* │ │ Darwin Agents │ │
│ │ Codex │ │ Browser control │ │ Colony Memory │ │
│ │ Gemini │ │ Scheduled tasks │ │ Learning systems │ │
│ │ OpenCode │ │ File management │ │ Cross-team context │ │
│ │ KiloCode │ │ │ │ │ │
│ └──────────────────┘ └──────────────────┘ └──────────────────────┘ │
│ │
│ ┌──────────────────┐ ┌──────────────────┐ ┌──────────────────────┐ │
│ │ MOBILE (PWA) │ │ GOVERNANCE │ │ COMMUNICATION │ │
│ │ Phone-first UI │ │ Permission modes│ │ Email automation │ │
│ │ Approve/reject │ │ Audit trail │ │ Telegram bot │ │
│ │ Real-time SSE │ │ Compliance logs │ │ Voice interface │ │
│ │ Touch-native │ │ Per-employee │ │ Research & reports │ │
│ └──────────────────┘ └──────────────────┘ └──────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
*From June 1, 2026, OpenClaw, ZeroClaw, and Hermes ship as wrappers inside annie computer (same pattern as other Computer agents). See docs/enterprise/zeroclaw.md.
YOU (Phone/Tablet/Desktop) SERVER EMPLOYEE MACHINE
────────────────────────── ────────────── ─────────────────────
📱 PWA Dashboard ←── NEST Server (Rust) ←── annie (`@contextzero/nest`)
✅ Approve / Reject Axum + Socket.IO Claude Code
💬 Live Chat ←── SSE real-time stream Cursor / Codex
📊 Audit & Stats ←── PostgreSQL Gemini / OpenCode
🎤 Voice Interface nginx reverse proxy KiloCode / Computer
🖥 Remote terminals (PTY) ←── session streams ←── `annie` CLI (explicit subcommands)
YOUR INFRASTRUCTURE
(self-hosted Docker)
Computer vs bare `annie`: From June 1, 2026, OpenClaw, ZeroClaw, and Hermes run as wrappers inside `annie computer` (same pattern as Claude, Cursor, Codex, …)—see docs/enterprise/zeroclaw.md. They are not standalone `annie openclaw` / `annie zeroclaw` / `annie hermes` commands. In scripts and CI, always invoke an explicit subcommand (`annie claude`, `annie computer`, …); if the first token is not a known subcommand, the CLI behaves like `annie cursor`.
| Agent | Command | Description |
|---|---|---|
| Claude Code | `annie claude` | Anthropic's flagship coding agent |
| Cursor | `annie cursor` | Cursor IDE agent mode |
| Codex | `annie codex` | OpenAI's code execution agent |
| Gemini | `annie gemini` | Google's multimodal agent |
| OpenCode | `annie opencode` | Open-source coding agent |
| KiloCode | `annie kilocode` | Task execution + remote control |
| Computer (management) | `annie computer` | Hub-synced multi-tool agent: shell, browser, files, git, processes, scheduling—beyond a single IDE |
| ZeroClaw | via `annie computer` (from Jun 1, 2026) | Headless automation wrapper — self-correcting autonomous tasks (zeroclaw.md) |
| OpenClaw | via `annie computer` (from Jun 1, 2026) | Orchestration wrapper — multi-step workflows + browser control (zeroclaw.md) |
| Hermes | via `annie computer` (from Jun 1, 2026) | Computer-use wrapper alongside OpenClaw / ZeroClaw (zeroclaw.md) |
```bash
npm install -g @contextzero/nest
annie --help
```

Use this sequence for macOS, Windows, and Linux machines where employees run Cursor, Claude Code, Codex, OpenCode, or KiloCode. One global install of `@contextzero/nest` (the `annie` CLI from that package) connects each workstation to your NEST instance; Context Zero does not host your self‑hosted hub or join your network.

1. Install the CLI (IT or employee, with Node.js LTS + npm):

```bash
npm install -g @contextzero/nest
```

Confirm the binary is on PATH:

```bash
annie --version
```

2. Authenticate the machine against your hub

Run once per profile (or automate via your MDM / secrets vault using the same variables `annie auth login` persists):

```bash
annie auth login
```

You will be prompted for the base URL of your deployment (for example https://nest.yourcompany.com, issued by your organization) and a CLI API token your administrators generate on the server. Verify connectivity:

```bash
annie auth status
```

3. Standard agent entry points (after login)
| Surface | Command | Purpose |
|---|---|---|
| Claude Code | `annie claude` | Anthropic Claude Code sessions |
| Cursor | `annie cursor` | Cursor IDE agent mode |
| Codex | `annie codex` | OpenAI Codex sessions (`annie codex resume <id>` where supported) |
| Gemini | `annie gemini` | Google Gemini sessions |
| OpenCode | `annie opencode` | OpenCode sessions |
| KiloCode | `annie kilocode` | KiloCode task execution |
| Computer | `annie computer` | Management / multi-tool agent (shell, browser, files, git, processes, schedulers—hub-synced) |
| MCP bridge | `annie mcp` | stdio MCP bridge toward your hub (HTTP target + token) |
| Background worker | `annie worker start` · `list` · `stop-session <id>` | Remote / long‑running work tied to the hub |
| Hub terminals | (PWA ↔ server ↔ CLI PTY) | Operator shells for debugging and long jobs (treat as privileged) |
Distribute only URLs and tokens from your company domain and identity systems. Employees should install the PWA or native clients from links you control (intranet, MDM, or branded download pages), then use phone, tablet, or desktop to approve work, monitor sessions, and audit activity—without sharing credentials outside your tenant.
Further reading: docs/enterprise/annie-cli-mcp-enterprise.md — full surface: development agents, annie computer (management), remote PTY terminals, worker, MCP, diagnostics; no private source links.
Automation note: if the first argument is not a known subcommand, the CLI treats the invocation as annie cursor. In CI and runbooks, always pass an explicit subcommand (annie claude, annie computer, …).
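The fallback described in the automation note means a typo or a retired command name in a pipeline starts a Cursor agent session instead of failing. As an added example (not part of the NEST project or its CLI), this POSIX shell linter flags such calls in a CI script or runbook before it runs; the allowlist is copied from this README's command list and is assumed to match your installed CLI, and the sample runbook is constructed.

```shell
#!/bin/sh
# Added example: lint runbooks / CI scripts for `annie` calls whose first
# token is not an explicit, known subcommand.

# Allowlist taken from this README (assumption: extend it from `annie --help`
# for the CLI version you actually deploy).
ANNIE_KNOWN="claude cursor codex gemini opencode kilocode computer mcp worker auth diagnose --help --version"

# annie_token_ok TOKEN -> status 0 if TOKEN is on the allowlist.
annie_token_ok() {
  local t
  for t in $ANNIE_KNOWN; do
    [ "$1" = "$t" ] && return 0
  done
  return 1
}

# annie_lint < SCRIPT -> prints "LINE: reason: text" for each risky call and
# returns 1 if any were found. Only lines whose first word is `annie` are
# checked; calls hidden behind variables or wrappers are out of scope.
annie_lint() {
  local n=0 bad=0 line rest first
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    rest="${line#"${line%%[![:space:]]*}"}"      # trim leading whitespace
    case "$rest" in
      annie|annie[[:space:]]*) ;;                # annie in command position
      *) continue ;;                             # comments, other commands
    esac
    rest="${rest#annie}"                         # drop the command word
    rest="${rest#"${rest%%[![:space:]]*}"}"      # trim again
    first="${rest%%[[:space:]]*}"                # first argument, may be empty
    if [ -z "$first" ]; then
      printf '%s: no explicit subcommand: %s\n' "$n" "$line"
      bad=1
    elif ! annie_token_ok "$first"; then
      printf "%s: unknown first token '%s' (README: treated as 'annie cursor'): %s\n" \
        "$n" "$first" "$line"
      bad=1
    fi
  done
  return "$bad"
}

# Constructed sample runbook (not from the README).
sample_runbook() {
  cat <<'EOF'
#!/bin/sh
annie auth status
annie claude
  annie openclaw
annie worker stop-session abc123
annie
# annie zeroclaw
annie computr
EOF
}

sample_runbook | annie_lint || echo "lint failed: fix the lines listed above"
```

Run it as a pre-merge check with `annie_lint < path/to/script.sh` and fail the job on a non-zero status.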
From June 1, 2026, these ship as wrappers inside annie computer—same governed session and audit model as other Computer-backed agents. See docs/enterprise/zeroclaw.md.
ZeroClaw = Headless automation with self-correction
- Runs tasks autonomously on employee machines
- Observes outcomes and adapts strategy
- Full audit trail in your hub
OpenClaw = Project orchestration
- Task graphs with dependencies
- Multi-step workflows
- Browser and desktop control
Hermes = Computer-use wrapper
- Aligned with NEST Computer for governed operational work alongside OpenClaw and ZeroClaw
- Same hub-synced permissions and audit trail as other Computer sessions
Every task teaches the system. The colony learns:
- Which agents work best for which tasks
- Employee preferences and patterns
- Project context across teams
- Optimal workflows by experience
Specialized agents that evolve:
- User describes a need → System creates agent
- Agent performs task → Performance tracked
- Best agents survive → Replicated across the team
- Continuous improvement → Better results over time
| Aspect | Community (Self-Hosted) | Enterprise |
|---|---|---|
| Deployment | Your Docker server | Our cloud |
| Price | Free ($0 product fee) | Subscription |
| Users | Individual / Small team | Organizations, NGOs, Governments |
| Agents | All coding agents | + Darwin agents + Computer wrappers (OpenClaw, ZeroClaw, Hermes) |
| Memory | Local session history | Colony-wide Souls |
| Governance | Permission modes + audit | Advanced compliance + RBAC |
| Support | GitHub + Community | Dedicated |
Control how much autonomy your AI agents have — per employee, per project, per session:
| Mode | Behavior |
|---|---|
| Default | Agent asks before every action |
| Accept Edits | Agent writes code freely; asks for everything else |
| Bypass | Full autonomy for trusted workflows |
| Plan | Agent proposes a plan but doesn't execute |
| Problem | How Others Solve It | How NEST Solves It |
|---|---|---|
| 15+ apps and shadow corporate AI (unapproved models, tabs, and cost) | Policy PDFs, another checklist | One operating layer — projects, server-side keys, full audit; PM May 1, CRM May 15, Computer wrappers (OpenClaw · ZeroClaw · Hermes) Jun 1 — ROADMAP.md |
| Desk-bound workforce | Slack mobile (partial) | Phone-first PWA — approve from anywhere |
| AI forgets everything | System prompts, RAG hacks | Memory bank / Souls — context accumulates per user and project |
| One agent bottleneck | Manual coordination | Agent swarm — specialists in parallel |
| No executive dashboard for “how we use AI” | N/A | Live hub views — sessions, approvals, and spend tied to projects |
| Personal assistants don't scale | One chatbot per person | Workforce hub — shared memory, structured projects, governed CLIs |
| What you need | Where to go |
|---|---|
| 5-minute start | QUICKSTART.md |
| Full installation reference | docs/INSTALL.md |
| Production deploy (HTTPS, public URL) | docs/DEVOPS.md |
| CLI reference & LLM config | docs/CLI-BUSINESS.md |
| Framework install (Node, Docker, Rust) | docs/INSTALL-FRAMEWORKS.md |
| Enterprise features | docs/enterprise/README.md |
| CLI (`@contextzero/nest`) + MCP (enterprise) | docs/enterprise/annie-cli-mcp-enterprise.md · ES · DE · FR · PT · ZH |
| Computer wrappers (OpenClaw, ZeroClaw, Hermes) | docs/enterprise/zeroclaw.md |
| Darwin Agents | docs/enterprise/darwin-agents.md |
| Business overview for founders | docs/business/README.md |
| Value proposition | docs/business/value-proposition.md |
| Implementation methodology | docs/methodology/README.md |
| Branding & positioning | docs/branding/README.md |
| What's shipped | RELEASES.md |
| What's coming next | ROADMAP.md |
CLI (on employee machines):

```bash
annie claude              # Claude Code session
annie cursor              # Cursor agent (default if first token is unknown)
annie codex               # Codex session (annie codex resume <id>)
annie gemini              # Gemini session
annie opencode            # OpenCode session
annie kilocode            # KiloCode session
annie computer            # Multi-tool hub agent (shell, browser, files, ops)
annie mcp                 # MCP stdio bridge (HTTP target + token)
annie worker start        # Background worker (remote spawn)
annie worker list         # Active worker sessions
annie worker stop-session <id>
annie auth login          # Save credentials
annie auth status         # Check connection
annie diagnose            # Full diagnostic report
```

Enterprise — CLI package `@contextzero/nest` + MCP (Cursor, VS Code, Claude, ChatGPT, phased rollout): docs/enterprise/annie-cli-mcp-enterprise.md
Server (from nest_hub/ folder):

```bash
./setup.sh                                     # First-time setup (auto-generates secrets)
docker compose up -d                           # Start the stack
docker compose down                            # Stop
docker compose logs -f                         # Stream logs
docker compose ps                              # Check status
docker compose pull && docker compose up -d    # Update to latest
```

| Component | Technology | Distribution |
|---|---|---|
| Server | Rust · Axum · Socket.IO · SSE | Docker Hub |
| Web App | React 19 · Vite · TanStack · Tailwind · xterm.js | Docker Hub |
| CLI | TypeScript · Bun · Ink | npm |
| Database | PostgreSQL 16 | Docker (internal, not exposed) |
| Proxy | nginx Alpine | Docker |
| Initiative | What It Solves | Status |
|---|---|---|
| Souls — Persistent memory | Agents start from zero every session | Design & scoping |
| Multi-agent orchestration | One agent doing everything serially | Strategy ready; runtime pending |
| Forge — Spec-driven development | Implementation disconnected from business intent | Concept defined |
Full details: ROADMAP.md
- Issues & Feature Requests: github.com/contextzero/nest_hub/issues
- Discussions: github.com/contextzero/nest_hub/discussions
- Employee CLI (published): npm package `@contextzero/nest` — `npm install -g @contextzero/nest` → command `annie`
NEST Hub distribution is proprietary. See LICENSE for details.
© 2025–2026 Context Zero — Self-Hosted Workforce Automation Platform
The following is a general information notice for customers and operators. It is not tailored legal advice; your counsel should review it against your contracts, jurisdiction, and regulatory obligations.
Use and compliance. Your organization—not Context Zero Inc. (including its affiliates, contractors, or personnel, collectively “Context Zero”)—is solely responsible for how you deploy, configure, secure, and use NEST Hub, including all outputs of AI agents, integrations, data processing, employment practices, export controls, privacy, sectoral regulations, and internal policies. Context Zero does not supervise your runtime environment and does not assume liability for decisions your employees, agents, or systems make on your infrastructure.
Self‑hosted connectivity. When you operate NEST as self‑hosted software on infrastructure you control, Context Zero does not operate that server, does not receive an automatic administrative connection to it, and cannot access your installation merely because you downloaded or licensed materials from us. Your hub is joined by your users and tooling (for example the annie CLI from npm install -g @contextzero/nest) outbound to the endpoints you configure (your DNS, your TLS certificates, your tokens). Unless you separately contract for managed services that explicitly provide remote administration and scope of access, no member of the Context Zero team is granted inbound access to your servers as part of the self‑hosted product model described in this repository.
No agency. Nothing in this README creates a partnership, joint venture, or agency relationship. Context Zero is a software provider; your company remains exclusively responsible for lawful use, workforce governance, and the security of your deployment.
Public distribution: contextzero/nest_hub · CLI: @contextzero/nest.
